How To Avoid the Plague

Cryptoviruses (a computer virus that encrypts a victim’s data in a way that the data can only be retrieved via a key made by the attacker) are the current weapon of choice of those bent on using malware to either cause electronic destruction or criminally extort money from anonymous reaches of the internet. In 2016, ransomware (a virus that encrypts or otherwise locks away a victim’s data) payments were estimated to hit $1 billion for the year.

The virus currently in the news is called Nyetya:

“After an hour of attempting to spread across the network, computers infected with Nyetya will reboot. After restarting the computers will appear to run CHKDSK (utilised to check the hard drive for errors) but the malware is actually encrypting files. Once this is completed the master boot record (MBR) is overwritten with a custom loader that will display the ransom note on boot.

“The ransom note presented to the user informs them that their files are no longer accessible and that $300 worth of Bitcoin will need to be paid to a specified Bitcoin wallet address in order to get the decryption key necessary to access their files. The user is instructed to e-mail a posteo.net e-mail address with information to identify their Bitcoin payment transaction. Posteo has disabled the e-mail account in question, it is not possible for victims to get decryption keys following payment as a result of this.

“Microsoft confirms that the initial infection vector for this malware was caused by a software update for MeDoc, a Ukrainian tax accounting package, pushed out via a hacked server. There have also been reports of the malware spreading via phishing e-mails.”

Viruses have gone from annoying interruptions which required expensive support to clean your computer of infections, to destructive invasions which destroy all the information on your hard drive. Below are several tips on how to avoid getting infected, but as a home user one of the most important tips is to keep a backup of all of your important data on an external drive of some sort – like a thumb drive, home network drive, or external hard drive – something that isn’t always directly attached to your computer where it could be destroyed by a virus.

Don’t click a link in an email unless you are 100% certain that it is safe to do so. If there is even the slightest doubt, delete it immediately or send it to the Helpdesk (if you have one).

Don’t open or respond to emails that look suspicious, unusual or appear to be from someone you don’t know that asks for personal or financial details.

Ignore attachments that you weren’t expecting, especially if you don’t know the sender. Many malicious attachments masquerade as Word documents or familiar file types, so check with your IT team if there is any doubt.

Check your spam folders regularly in case a legitimate email gets caught in the filter. Whitelist important email addresses so they won’t get filtered in the future.

Never give out personal details by email or fill in forms that pop up when you open an email as these will often be phishing attempts.

If you haven’t given your address to a business that emails you, do not open or interact with the message.

If you get a notice from a financial institution or any other online account stating that you need to upgrade your details or change your password, don’t follow the instructions, but go directly to the institution’s website and see if your account is in order. Financial institutions will never ask for these details over email nor will most other reputable institutions.

If you think you might have opened an email with a malicious attachment or clicked or a malicious link, shut down your machine immediately and inform your IT department. They will then be able to isolate that machine from the network and run any necessary scans. If you don’t have an IT department, take it to your local PC technician for a virus check.

If you receive an emailed calendar invite from someone you don’t know or it looks suspicious, don’t accept it. If it is from a colleague who is not using a corporate email address, find out it if it is real. In any case, delete the invite just to be certain.`

Be careful when logging onto Wi-Fi networks, especially public ones. Always stick with trusted providers and avoid suspicious-sounding SSIDs. Hackers often spoof genuine SSIDs in order to steal passwords and user names.

Don’t use the same password for your work email account as your personal one.

Avoid posting your work email address in public forums, blogs and websites unless it is absolutely necessary. You will be making it too easy for hackers to get your address and use them for various spamming attacks.

Never download any software that has not been approved by your IT department. This could open a backdoor for hackers to gain access to your company’s network and use your computer as part of a botnet that will spew spam across the world. At home, try to stick with reputable software producers or peer-reviewed software that has been checked for problems. If you don’t know, doing an internet search for reviews of a software program will usually produce an abundance of information.

If you don’t have an IT department, here in the Yakima Valley most of the smaller internet service providers and repair shops will be happy to answer your questions on the phone and advise you if they think that you should take your PC to a repair shop. Additional tips can be found here